
ws-brsp-comment message


Subject: RE: [ws-brsp-comment] ws-i bsp1.1 test tool issue - and next meeting this month

Good question Kim..


In fact, I am tentatively going to schedule… next week March 20 (I cannot do 27th), 11amPT

You are welcome to attend as invited, for a portion of the meeting.







From: Jim Ma [mailto:ema@redhat.com]
Sent: Sunday, March 09, 2014 7:49 PM
To: Jacques Durand
Cc: ws-brsp@lists.oasis-open.org; ws-brsp-comment@lists.oasis-open.org; Alessio Soldano
Subject: Re: [ws-brsp-comment] Another ws-i bsp1.1 test tool issue ?


Thanks Jacques for your quick response.
BTW, what's the date for this month's meeting?


On 03/07/2014 06:44 AM, Jacques Durand wrote:


You seem to be right: requirement R5206 does not apply in your case. The test tool for BSP11 is wrongly failing your message.

That is my opinion, but the TC will probably confirm this at this month's meeting.




From: ws-brsp-comment@lists.oasis-open.org [mailto:ws-brsp-comment@lists.oasis-open.org] On Behalf Of Jim Ma
Sent: Tuesday, March 04, 2014 6:17 AM
To: ws-brsp@lists.oasis-open.org; ws-brsp-comment@lists.oasis-open.org
Cc: Alessio Soldano
Subject: [ws-brsp-comment] Another ws-i bsp1.1 test tool issue ?


Hi All,

This might be another wsi-bsp test tool issue. 

When I checked the compliance with BSP 1.1 test tool against the following message:

<wsse:SecurityTokenReference xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd" wsse11:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" wsu:Id="STR-3C1588359FBECE435C139384414735011">
<wsse:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_3C1588359FBECE435C139384414734810</wsse:KeyIdentifier>

The reports generated by analyzerV11 say this message breaks R5206:

<entry referenceID="message_3-strKeyIdentifier-2" type="strKeyIdentifier" value="">
<assertionResult id="BSP5206" result="failed">
<failureMessage xml:lang="en">The wsse:KeyIdentifier ValueType attribute is incorrect</failureMessage>
<failureDetail xml:lang="en">The wsse:KeyIdentifier ValueType attribute is incorrect</failureDetail>

But R5206 is for checking the X509_TOKEN; here it is a SAML assertion ID.

R5206 Any STR_KEY_IDENTIFIER that references an X509_TOKEN MUST have a ValueType attribute with the value of "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" or "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1".

Attached is the message logged by monitor.sh. Can you see if it's a tool issue or anything I missed configuring?
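
Added example (not part of the thread and not the WS-I analyzer's code): a Python sketch of an R5206 check that is scoped to X509 references, so the SAML KeyIdentifier discussed above is reported as notApplicable instead of failed. The helper names, the result strings and the token-kind heuristic (wsse11:TokenType first, ValueType as fallback) are assumptions; the sample XML is constructed, with namespace declarations added so it parses stand-alone.

```python
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSSE11 = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
X509 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#"
SAML = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1."
# The two ValueType values R5206 allows, as quoted in the message above.
R5206_ALLOWED = {
    X509 + "X509SubjectKeyIdentifier",
    "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1",
}

def references_x509(token_type, value_type):
    # Assumption (heuristic): trust wsse11:TokenType when present; otherwise
    # treat the reference as X509 unless its ValueType is a SAML profile URI.
    # A full analyzer would resolve the reference to the actual token.
    if token_type:
        return token_type.startswith(X509)
    return not (value_type or "").startswith(SAML)

def check_r5206(xml_text):
    """Map each STR's wsu:Id to 'passed', 'failed' or 'notApplicable'."""
    results = {}
    root = ET.fromstring(xml_text)
    for ref in root.iter(f"{{{WSSE}}}SecurityTokenReference"):
        key_id = ref.find(f"{{{WSSE}}}KeyIdentifier")
        if key_id is None:
            continue  # R5206 only concerns STRs that carry a KeyIdentifier
        value_type = key_id.get("ValueType")
        if not references_x509(ref.get(f"{{{WSSE11}}}TokenType"), value_type):
            outcome = "notApplicable"  # e.g. the SAML assertion ID case
        else:
            outcome = "passed" if value_type in R5206_ALLOWED else "failed"
        results[ref.get(f"{{{WSU}}}Id")] = outcome
    return results

# Constructed sample: one SAML reference shaped like the one in the thread,
# one conforming X509 reference, one X509 reference with a wrong ValueType.
SAMPLE = f"""<wsse:Security xmlns:wsse="{WSSE}" xmlns:wsse11="{WSSE11}" xmlns:wsu="{WSU}">
<wsse:SecurityTokenReference wsse11:TokenType="{SAML}1#SAMLV1.1" wsu:Id="STR-saml">
<wsse:KeyIdentifier ValueType="{SAML}0#SAMLAssertionID">_constructed-id</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<wsse:SecurityTokenReference wsu:Id="STR-x509-ok">
<wsse:KeyIdentifier ValueType="{X509}X509SubjectKeyIdentifier">Y29uc3RydWN0ZWQ=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
<wsse:SecurityTokenReference wsse11:TokenType="{X509}X509v3" wsu:Id="STR-x509-bad">
<wsse:KeyIdentifier ValueType="{X509}X509v3">Y29uc3RydWN0ZWQ=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</wsse:Security>"""
```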


